package com.kx.springsecurity.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @ClassName UserController
 * @Author Sun
 * @Date 2021/5/25 19:35
 */
@RestController
@RequestMapping("/users")
public class UserController {

    //前置的认证,也就是在访问这个地址之前需要进行认证  hasRole通过角色认证实际上判断是 ROLE_xxx
    @PreAuthorize("hasRole('admin')")
    @RequestMapping("/add")
    public String add(){
        return "add";
    }

    //hasAuthority 通过权限认证,没有前缀，就是xxx
    @PreAuthorize("hasAuthority('teacher:update')")
    @RequestMapping("/update")
    public String update(){
        return "update";
    }

    @PreAuthorize("hasRole('admin') or hasAuthority('teacher:delete')")
    @RequestMapping("/delete")
    public String delete(){
        return "delete";
    }

    @PreAuthorize("hasRole('student')")
    @RequestMapping("/list")
    public String list(){
        return "list";
    }
}
